Reports of a new vulnerability in Microsoft Word

Hi everyone, Stephen Toulouse here. We've been made aware of a new vulnerability in Microsoft Word XP and Word 2003. Customers using the Word viewer to view documents are not impacted. Yesterday we recieved a report that a customer had been subjected to a very targeted attack using this vulnerability.

Here's what we know: In order for this attack to be carried out, a user must first open a malicious Word document attached to an e-mail or otherwise provided to them by an attacker. (note that opening it out of email will prompt you to be careful about opening the attachment) So remember to be very careful opening unsolicited attachments from both known and unknown sources.

So what are we doing?

Our anti-malware teams are adding detection to the Windows Live Safety Center today for up-to-date removal of malicious software that attempts to exploit the vulnerability. The Windows Live Safety Center is located at the following website:

We’re also actively sharing that information with our Virus Information Alliance partners so that their detection can be up to date to detect and remove attacks. The Office team is hard at work on an update that addresses the vulnerability. It's in testing right now to make sure it's of the right quality for release. Right now we're on schedule to be released as part of the June security updates on June 13, 2006, or sooner as warranted.

As always, customers who believe they are affected can contact Product Support Services. You can contact Product Support Services in North America for help with security update issues or viruses at no charge using the PC Safety line (1866-PCSAFETY) and international customers by using any method found at this location: http://support.microsoft.com/security.

S.

*This posting is provided "AS IS" with no warranties, and confers no rights.*